The Hacker News — Cyber Security, Hacking, Technology News

Ransomware has been around for a few years, but it has become an albatross around everyone's neck, targeting big businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars.

Last year, we saw some major ransomware outbreaks, including WannaCry and NotPetya, which wreaked havoc across the world, hitting hundreds of thousands of computers and business networks worldwide.

From small to mid-range businesses, Microsoft Office 365 remains the most widely used and fastest-growing work office suite, so it's no surprise that it has become a primary target for viruses, ransomware, and phishing scams.

In fact, most strains of ransomware target Microsoft productivity apps such as Word and Excel, encrypting sensitive data to hold the company hostage until the ransom is paid.

Now, to combat such cyber attacks, Microsoft has announced some new security features for Office 365 that can help users mitigate the damage done by ransomware and other malware infections.

The new features were initially introduced for OneDrive for Business, but the company is now rolling them out to anyone who has signed up for an Office 365 Home or Personal subscription, the Microsoft Office blog says.

Below is a brief list of the new features:

File Recovery and Anti-Ransomware

Files Restore—Microsoft Office 365 now allows users to restore their entire OneDrive to a previous point in time within the last 30 days. This feature can be used to recover files from an accidental mass delete, file corruption, ransomware, or any catastrophic event.

Ransomware detection & recovery—Office 365 has also introduced a new security feature that detects ransomware attacks and alerts you through an email, mobile, or desktop notification while helping you restore your OneDrive to a point before the malware compromised files.

Security and Privacy Features

Office 365 has added three new features to help keep your confidential or personal data (such as tax documents, family budgets, or a new business proposal) secure and private when sharing them online.

Password protected sharing links—This feature allows you to set a password for your shared files and folders, preventing unauthorized access even if your recipient accidentally forwards protected documents to others.

Email encryption—This feature allows users to send/receive end-to-end encrypted emails in Outlook over a secure connection, providing additional protection to minimize the threat of being intercepted.

Prevent forwarding—Microsoft now enables you to restrict your email recipients from forwarding or copying emails you send to them from Outlook. Besides this, any MS Office document attached to your emails will remain encrypted even after downloading, so if the recipient shares your attachment with others, they will not be able to open it.

Advanced Protection from Viruses and Cybercrime

Advanced link checking in Word, Excel, and PowerPoint—Office 365 also offers built-in real-time web protection, which monitors every link you click in Word, Excel, and PowerPoint and notifies you if it is suspicious.

File Recovery and Anti-Ransomware features began rolling out starting today and will be available to all Office 365 users soon, while features to help keep your information secure and private (including password protected sharing links, email encryption, and prevent forwarding) will start rolling out in the coming weeks.

Advanced link checking and advanced attachment scanning are already available in MS Outlook, protecting you from previously unseen viruses and phishing scams in real-time. However, advanced link checking in Word, Excel, and PowerPoint will roll out in the second half of 2018.

But, Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks.

Two massive ransomware attacks — WannaCry and Petya (also known as NotPetya) — in a month have caused chaos and disruption worldwide, forcing hospitals, ATMs, shipping companies, governments, airports and car companies to shut down their operations.

Most ransomware in the market, including WannaCry and NotPetya, is specifically designed to target computers running the Windows operating system, which is why Microsoft has been blamed for not putting proper defensive measures in place to prevent such threats.

But not now!

In the wake of recent devastating global ransomware outbreaks, Microsoft has finally realized that its Windows operating system is deadly vulnerable to ransomware and other emerging threats that specifically target its platform.

To tackle this serious issue, the tech giant has introduced a new anti-ransomware feature in its latest Windows 10 Insider Preview Build (16232) yesterday evening, along with several other security features.

Microsoft is planning to introduce these security features in Windows 10 Creator Update (also known as RedStone 3), which is expected to release sometime between September and October 2017.

The anti-ransomware feature, dubbed Controlled Folder Access, is part of Windows Defender that blocks unauthorized applications from making any modifications to your important files located in certain "protected" folders.

Only applications on a whitelist can access Protected folders, and you can add or remove apps from that list. Certain applications will be whitelisted automatically, though the company doesn't specify which applications.

Once turned on, "Controlled folder access" will watch over files stored inside Protected folders, and any attempt to access or modify a protected file by non-whitelisted apps will be blocked by Windows Defender, preventing most ransomware from encrypting your important files.

So, whenever an application tries to make changes to Protected files but is blacklisted by the feature, you will get a notification about the attempt.

Here's how to allow an app that you trust, but that is being blocked by the Controlled folder access feature, to access Protected folders:

Go to Start menu and Open the Windows Defender Security Center

Go to the Virus & Threat Protection settings section

Click 'Allow an app through Controlled folder access' in the Controlled folder access area

Click 'Add an allowed app' and select the app you want to allow

Windows library folders like Documents, Pictures, Movies, and Desktop are compulsorily designated as "protected" by default and cannot be removed.

However, users can add or remove their personal folders to the list of protected folders. Here's how to add folders to the Protected folders list:

Go to Start menu and Open the Windows Defender Security Center

Go to the Virus & Threat Protection settings section

Click 'Protected folders' in the Controlled folder access area

Enter the full path of the folder you want to monitor

Users can also enter network shares and mapped drives, but environment variables and wildcards are not supported at this moment.
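The two procedures above can also be scripted from an elevated PowerShell prompt. The following is an added example, not code from the original article or from Microsoft; it assumes a Windows 10 build whose Windows Defender PowerShell module exposes the Controlled folder access parameters, and the folder and application paths are hypothetical placeholders. It goes slightly beyond the article by starting in audit mode and reading the Defender event log before enforcing.

```powershell
#Requires -RunAsAdministrator
# Added example: configure Controlled folder access with the Defender cmdlets.
# All paths below are hypothetical placeholders, not values from the article.
$protectedFolders = @('D:\Finance', 'D:\Projects\Contracts')
$allowedApps      = @('C:\Program Files\ExampleBackup\backup.exe')

# Start in audit mode: would-be blocks are logged, nothing is blocked yet.
Set-MpPreference -EnableControlledFolderAccess AuditMode

foreach ($folder in $protectedFolders) {
    # The article notes that wildcards and environment variables are not supported.
    if ($folder -match '[\*\?%]') {
        Write-Warning "Skipping '$folder': wildcards and environment variables are not supported"
        continue
    }
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "Skipping '$folder': folder not found"
        continue
    }
    Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
}

foreach ($app in $allowedApps) {
    # Allow by full path to the executable, and only if it actually exists.
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else {
        Write-Warning "Skipping '$app': executable not found"
    }
}

# Review the resulting policy.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders, ControlledFolderAccessAllowedApplications

# After normal workloads have run, list recent Controlled folder access events
# (1124 = audited, 1123 = blocked) to find legitimate apps that still need allowing.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# Switch to enforcement once the audit log shows only unwanted writers:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Keeping the allow list short matters, because every allowed executable can write to the protected folders.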

Other Security Features Introduced in Windows 10 Insider Program

With the release of Windows 10 Insider Preview Build 16232, Windows Defender Application Guard (WDAG) for Edge — a new system for running Microsoft Edge in a special virtual machine in order to protect the OS from browser-based flaws — also received improvements in usability.

Windows 10 Insider Preview Build also comes with support for Microsoft Edge data persistence when using WDAG.

"Once enabled, data such as your favorites, cookies, and saved passwords will be persisted across Application Guard sessions," Microsoft explains.
"The persisted data will not be shared or surfaced on the host, but it will be available for future Microsoft Edge in Application Guard sessions."

Another new security feature called Exploit Protection has been introduced in Windows 10 16232, which blocks cyber attacks even when security patches are not available for them, which means the feature will be useful particularly in the case of zero-day vulnerabilities.

In the Fall Creators Update for Windows 10, Microsoft has also planned to use a broad range of data from Redmond's cloud services, including Azure, Endpoint, and Office, to create an AI-driven Antivirus (Advanced Threat Protection) that can pick up on malware behavior and protect other PCs running the operating system.

Also, we reported about Microsoft's plan to build its EMET or Enhanced Mitigation Experience Toolkit into the kernel of the upcoming Windows 10 to boost the security of your PC against complex threats such as zero-day vulnerabilities.

Also, the company is planning to remove the SMBv1 (Server Message Block version 1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — from the upcoming Windows 10 (1709) Redstone 3 Update.

Besides this, some other changes and improvements have also been introduced with the release, along with patches for several known issues.

Ransomware has risen dramatically over the last few years, so rapidly that it might have already hit you or someone you know.

With hundreds of thousands of ransomware variants emerging every day, it is quite difficult for traditional signature-based antivirus tools to keep their signature database up-to-date.

So, if signature-based techniques are not enough to detect ransomware infection, then what else can we do?

The solution is RansomFree.

Boston-based cyber security firm Cybereason has released RansomFree — real-time ransomware detection and response software that can spot most strains of ransomware before they start encrypting files and alert the user to take action.

RansomFree is a free standalone product and is compatible with PCs running Windows 7, 8 and 10, as well as Windows Server 2010 R2 and 2008 R2.

Instead of regularly updated malware signatures to fight the bad programs, RansomFree uses "behavioral and proprietary deception" techniques to detect new ransomware variants in action before the threat has a chance to encrypt your data.

The company analyzed tens of thousands of ransomware variants belonging to more than 40 ransomware strains, including Locky, TeslaCrypt, Cryptowall, and Cerber and "identified the behavioral patterns that distinguish ransomware from legitimate applications."

"The ability to detect and stop never-before-seen ransomware is one of the features that makes RansomFree so unique," the company's spokesperson told The Hacker News. "The tool identifies ransomware behaviors including attempts targeting local disks, as well as detecting and stopping encryption over shared network drives."

If it finds any such behavior on your PC, RansomFree suspends that program and flags it for your review. It’s then up to you to either enable the program or allow RansomFree to stop it permanently.

By default, the anti-ransomware tool suspends any activity it finds suspicious — even if it is a legitimate encryption software that has some behavior in common with ransomware.

With this type of approach, even brand new ransomware infections will be stopped in their tracks without you having to worry about updates to the malicious software.

"What's worse, a major part of the consumer population threatened by ransomware attacks have little recourse but to either pay the ransom, or risk losing their stolen content."

RansomFree can detect 99 percent of all ransomware strains and will also offer you protection against future ransomware strains, as the company said RansomFree would be updated daily in an attempt to stay ahead in this arms race.

Earlier this year, we also reported about another behavior-based anti-ransomware tool, dubbed RansomWhere, available for Mac OS X users that can identify ransomware-like behavior by continually monitoring the file-system for the creation of encrypted files by suspicious processes.

RansomWhere also works in a similar way to RansomFree, blocking the suspicious processes and waiting for the user to decide whether to allow or stop the process.

Besides using an anti-ransomware tool, you are also advised to regularly back up your files, keep your OS and software programs up-to-date, disable Java and Flash when possible, avoid downloading apps from unknown, untrusted websites, and be extra cautious when opening links and downloading attachments in an email.